Essential Python Libraries for Hackers and Security Researchers

Native Libraries

The most up-to-date reference for the native libraries is the official documentation. Since all native libraries are equally important for hackers and security researchers, we will not go into such detail here. Please refer to the original documentation index for the full list:

https://docs.python.org/2/library/index.html

https://docs.python.org/3/library/index.html

However, the following libraries need to be highlighted:

File and Directory Access

https://docs.python.org/2/library/filesys.html

https://docs.python.org/3/library/filesys.html

Cryptographic Services

https://docs.python.org/2/library/crypto.html

https://docs.python.org/3/library/crypto.html

Generic Operating System Services

https://docs.python.org/2/library/allos.html

https://docs.python.org/3/library/allos.html

Concurrency

https://docs.python.org/2/library/concurrency.html

https://docs.python.org/3/library/concurrency.html

IPC and Networking

https://docs.python.org/2/library/ipc.html

https://docs.python.org/3/library/ipc.html

Structured Markup Processing Tools

https://docs.python.org/2/library/markup.html

https://docs.python.org/3/library/markup.html

Internet Protocol and Support

https://docs.python.org/2/library/internet.html

https://docs.python.org/3/library/internet.html

Open arbitrary resources by URL

https://docs.python.org/2/library/urllib.html

https://docs.python.org/3/library/urllib.html

Unix Specific Services

https://docs.python.org/2/library/unix.html

https://docs.python.org/3/library/unix.html

Support for line-oriented command interpreters

https://docs.python.org/2/library/cmd.html

https://docs.python.org/3/library/cmd.html

Disassembler for Python bytecode

https://docs.python.org/2/library/dis.html

https://docs.python.org/3/library/dis.html

General Libraries

Virtualenv

Network or Internet Related Libraries

Scapy – Packet manipulation program

Forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

Zeep – SOAP Client

Zeep inspects the WSDL document and generates the corresponding code to use the services and types in the document. This provides an easy to use programmatic interface to a SOAP server.

Homepage: http://docs.python-zeep.org/en/master/

Python-nmap

Homepage: http://xael.org/pages/python-nmap-en.html

Bitbucket: https://bitbucket.org/xael/python-nmap

Sulley – Fully automated and unattended fuzzing framework

Github: https://github.com/OpenRCE/sulley

Binary Analysis Related Libraries

PyHook – Python wrapper for global input hooks in Windows

Provides callbacks for mouse and keyboard events; events can be monitored and filtered.

Homepage: https://sourceforge.net/projects/pyhook/

Since this is no longer maintained, it is better to use ctypes “windll.user32”: https://github.com/m1lhaus/woofer/blob/master/components/winkeyhook.p

pefile – Parse and work with PE files

Inspecting headers, analysis of sections’ data, retrieving embedded data, reading strings from the resources, warnings for suspicious and malformed values, overwriting fields, packer detection with PEiD’s signatures, PEiD signature generation. Support to write to some of the fields and to other parts of the PE.

Homepage / Github: https://github.com/erocarrera/pefile

Pydasm – Disassembler

Homepage / Github: https://github.com/axcheron/pydasm

PyDbg – win32 debugger interface

Github: https://github.com/OpenRCE/pydbg

Presentation: https://www.exploit-db.com/docs/21086.pdf

Automation Related Libraries

Pexpect – Controlling other applications

Pexpect is a pure Python module for spawning child applications; controlling them; and responding to expected patterns in their output.